CLAIMS 



What is claimed is: 

1. In an SSG based network, a method for performing layer 2 authentication of a
Mobile Node supporting Mobile IP, comprising: 

obtaining layer 2 information including at least one of a MAC address and 
username associated with the Mobile Node; 

generating an orphaned host object including the layer 2 information; and 
unorphaning the orphaned host object when an IP address associated with the 
layer 2 information is received such that the unorphaned host object includes the IP 
address and the layer 2 information, thereby enabling layer 3 policies to be enforced. 

2. The method as recited in claim 1, further comprising: 
obtaining a username associated with the Mobile Node; 

wherein the orphaned host object includes the username associated with the 
Mobile Node. 

3. The method as recited in claim 1, wherein obtaining layer 2 information 
comprises: 

receiving the layer 2 information in an access request packet; 
wherein generating the orphaned host object is performed when an access 
accept packet is received indicating the Mobile Node associated with the layer 2 
information has been authenticated by a AAA server.



4. The method as recited in claim 1, wherein unorphaning the orphaned host 
object comprises: 

receiving a packet including the IP address and the layer 2 information; and 
updating the orphaned host object to include the IP address, thereby generating
an unorphaned host object. 

5. The method as recited in claim 4, wherein receiving a packet including the IP 
address and the layer 2 information comprises: 

receiving an ACCT start packet including the IP address and the layer 2 
information. 

6. The method as recited in claim 5, further comprising: 
receiving an ACCT stop packet including the IP address; and 

deleting the unorphaned host object when the ACCT stop packet is received.

7. The method as recited in claim 1, further comprising: 
deleting the unorphaned host object. 

8. The method as recited in claim 7, further comprising:

receiving an ACCT stop packet including the IP address;

wherein deleting the unorphaned host object is performed when the ACCT
stop packet is received.



9. The method as recited in claim 4, wherein the packet including the IP address 
and layer 2 information further includes an IP address of a network device from which 
the packet was received, the method further comprising: 

maintaining a mapping between the IP address of the network device and the 
IP address of the Mobile Node such that a mapping of one or more Mobile Nodes 
supported by the network device is maintained. 

10. The method as recited in claim 9, wherein the packet including the IP address 
and the layer 2 information is an ACCT start packet. 



11. The method as recited in claim 9, further comprising:

receiving a packet including the IP address of the network device that
indicates that the network device is not functioning; and

deleting an unorphaned host object or orphaning a host object for each of the
Mobile Nodes supported by the network device.

12. The method as recited in claim 11, wherein the packet including the IP address 
of the network device that indicates that the network device is not functioning is an 
ACCT-OFF packet. 

13. The method as recited in claim 11, wherein the packet including the IP address 
of the network device that indicates that the network device is not functioning is an 
ACCT-ON packet. 

14. A computer-readable medium storing thereon computer-readable instructions 
for performing layer 2 authentication of a Mobile Node supporting Mobile IP in an 
SSG based network, comprising: 

instructions for obtaining layer 2 information including at least one of a MAC 
address and username associated with the Mobile Node; 

instructions for generating an orphaned host object including the layer 2 
information; and 

instructions for unorphaning the orphaned host object when an IP address 
associated with the layer 2 information is received such that the unorphaned host 
object includes the IP address and the layer 2 information, thereby enabling layer 3 
policies to be enforced. 

15. An apparatus for performing layer 2 authentication of a Mobile Node 
supporting Mobile IP in an SSG based network, comprising:

means for obtaining layer 2 information including at least one of a MAC
address and username associated with the Mobile Node;

means for generating an orphaned host object including the layer 2
information; and

means for unorphaning the orphaned host object when an IP address 
associated with the layer 2 information is received such that the unorphaned host 
object includes the IP address and the layer 2 information, thereby enabling layer 3 
policies to be enforced. 

16. An apparatus for performing layer 2 authentication of a Mobile Node 
supporting Mobile IP in an SSG based network, comprising: 
a processor; and 

a memory, at least one of the processor and the memory being adapted for: 
obtaining layer 2 information including at least one of a MAC address and 
username associated with the Mobile Node; 

generating an orphaned host object including the layer 2 information; and 
unorphaning the orphaned host object when an IP address associated with the 
layer 2 information is received such that the unorphaned host object includes the IP 
address and the layer 2 information, thereby enabling layer 3 policies to be enforced. 
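
The host object lifecycle recited in claims 1 through 13, as an added Python example that is not part of the patent text or of any SSG implementation. The names HostObject and HostTable, the method names, and the sample addresses used with them are hypothetical; ignoring an ACCT start for a MAC address that has no orphaned host object, and deleting rather than re-orphaning on ACCT-ON/ACCT-OFF, are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class HostObject:
    mac: str
    username: Optional[str] = None
    ip: Optional[str] = None       # None means orphaned: no layer 3 identity yet
    nas_ip: Optional[str] = None   # network device that reported the IP address

    @property
    def orphaned(self) -> bool:
        return self.ip is None

class HostTable:
    def __init__(self) -> None:
        self.pending = {}   # MAC -> username seen in an access request
        self.by_mac = {}    # MAC -> HostObject (orphaned or unorphaned)
        self.by_nas = {}    # network device IP -> set of MACs it supports
    def access_request(self, mac: str, username: Optional[str] = None) -> None:
        self.pending[mac] = username                 # claim 3: layer 2 info arrives here
    def access_accept(self, mac: str) -> Optional[HostObject]:
        if mac not in self.pending:                  # accept with no matching request
            return None
        host = HostObject(mac, self.pending.pop(mac))
        self.by_mac[mac] = host                      # orphan exists only after AAA accept
        return host
    def acct_start(self, mac: str, ip: str, nas_ip: str) -> Optional[HostObject]:
        host = self.by_mac.get(mac)
        if host is None:                             # assumption: never unorphan a MAC
            return None                              # that was not authenticated first
        host.ip, host.nas_ip = ip, nas_ip            # claims 4-5: unorphan
        self.by_nas.setdefault(nas_ip, set()).add(mac)   # claim 9: device mapping
        return host
    def acct_stop(self, ip: str) -> bool:
        for mac, host in list(self.by_mac.items()):
            if host.ip == ip:                        # claim 6: delete on ACCT stop
                self.by_nas.get(host.nas_ip, set()).discard(mac)
                del self.by_mac[mac]
                return True
        return False
    def device_reset(self, nas_ip: str) -> int:
        macs = self.by_nas.pop(nas_ip, set())        # claims 11-13: ACCT-ON / ACCT-OFF
        for mac in macs:                             # this example deletes; the claim
            self.by_mac.pop(mac, None)               # also allows orphaning instead
        return len(macs)
    def l3_policy_applies(self, ip: str) -> bool:
        return any(h.ip == ip for h in self.by_mac.values())
```

Layer 3 policy lookups succeed only for unorphaned host objects, so an address that was never tied to an authenticated MAC address or username matches nothing.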